> is there a possibility to tell pf.conf to accept malformed packets.

Turn off 'reassemble tcp' in your scrub rule if you don't want to validate the packets.

> pfctl -x loud tells me:
> Aug 24 09:50:43 gw-bonn /bsd: pf_normalize_tcp_stateful: Did not receive
> expected RFC1323 timestamp
> 09:50:43.291716 160.44.70.4.www > 192.168.100.1.49653: F 105:105(0) ack
> 498 win 64091 <nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop> (DF)

That's not the offending packet. We'll only check RFC1312 PAWS timestamps on data packets while the connection is in the established state. That packet isn't bearing any data.

.mike
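
The rule stated in the reply above, as an added example (a simplified model, not pf's code and not part of the original message): a segment counts as a missing-timestamp violation only if it carries data and the connection is established. The `ts_negotiated` flag, the function names and the sample segments are assumptions constructed for illustration; the FIN segment mirrors the quoted tcpdump line.

```python
import struct

FIN, PSH, ACK = 0x01, 0x08, 0x10
OPT_EOL, OPT_NOP, OPT_TIMESTAMP = 0, 1, 8

def parse_options(opts: bytes) -> dict:
    """Walk the TCP option list; return {kind: value bytes}, skipping NOP padding."""
    found, i = {}, 0
    while i < len(opts):
        kind = opts[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option at offset %d" % i)
        found[kind] = opts[i + 2:i + opts[i + 1]]
        i += opts[i + 1]
    return found

def missing_timestamp_violation(segment: bytes, established: bool,
                                ts_negotiated: bool) -> bool:
    """True only for a data-bearing segment on an established connection
    (timestamps negotiated: an assumption) that has no timestamp option."""
    if len(segment) < 20:
        raise ValueError("short TCP header")
    off_flags = struct.unpack("!H", segment[12:14])[0]
    hdr_len = (off_flags >> 12) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    payload_len = len(segment) - hdr_len
    if not (established and ts_negotiated) or payload_len == 0:
        return False  # no data or not established: the check is not applied
    return OPT_TIMESTAMP not in parse_options(segment[20:hdr_len])

def build_segment(flags, options=b"", payload=b"", sport=80, dport=49653,
                  seq=105, ack=498, win=64091):
    """Constructed input: TCP header (checksum left 0) + options + payload."""
    off_flags = (((20 + len(options)) // 4) << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       off_flags, win, 0, 0) + options + payload

# Constructed samples: 12 NOPs as in the quoted packet, and a real timestamp option.
NOPS = bytes([OPT_NOP]) * 12
TS = bytes([OPT_NOP, OPT_NOP, OPT_TIMESTAMP, 10]) + struct.pack("!II", 1000, 900)
FIN_NO_DATA = build_segment(FIN | ACK, NOPS)
DATA_NOPS = build_segment(PSH | ACK, NOPS, b"HTTP/1.1 200 OK\r\n")
DATA_WITH_TS = build_segment(PSH | ACK, TS, b"HTTP/1.1 200 OK\r\n")
```
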